FIX: throw error when link in reason for grant badge is an external link (#6690)

Saurabh Patel
2018-11-28 22:31:41 +05:30
committed by Régis Hanol
parent 3ae4c9ab6d
commit 55945ec7c8
3 changed files with 56 additions and 2 deletions


@ -50,14 +50,17 @@ class UserBadgesController < ApplicationController
user = fetch_user_from_params
unless can_assign_badge_to_user?(user)
render json: failed_json, status: 403
return
return render json: failed_json, status: 403
end
badge = fetch_badge_from_params
post_id = nil
if params[:reason].present?
unless is_badge_reason_valid? params[:reason]
return render json: { failed: I18n.t('invalid_grant_badge_reason_link') }, status: 400
end
path = begin
URI.parse(params[:reason]).path
rescue URI::Error
@ -116,4 +119,9 @@ class UserBadgesController < ApplicationController
def ensure_badges_enabled
raise Discourse::NotFound unless SiteSetting.enable_badges?
end
def is_badge_reason_valid?(reason)
route = Discourse.route_for(reason)
route && (route[:controller] == 'posts' || route[:controller] == 'topics')
end
end
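Review bot: The new guard in `create` validates `params[:reason]` through `Discourse.route_for`, but the code right after it re-parses the same string with `URI.parse(params[:reason]).path`, so the value is checked by one parser and consumed by another. Whether an external host is really rejected depends on `Discourse.route_for` returning nil for it, which is not visible in this hunk; the helper should say so, e.g. `# Relies on Discourse.route_for returning nil for URLs that do not belong to this site.` The predicate also accepts any route on the `posts` or `topics` controllers rather than only the routes that identify a single post, and it would read more idiomatically without the `is_` prefix: `%w[posts topics].include?(route[:controller])` inside `badge_reason_valid?`. It is not visible here whether the helper sits under `private`; if it does not, it should, so it is not exposed as a controller action. The body of `create` continues past the end of the first hunk, so how the parsed path is turned into a post id could not be reviewed.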